new idmap code
Gerald (Jerry) Carter
jerry at samba.org
Mon Dec 11 04:27:39 GMT 2006
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Simo,
For the most part I think we should merge the new idmap code.
There are a couple of problems though.
First, I'm not sure that I entirely like the configuration
parameters. But I don't have a really good alternative right
now. My hesitation is only due to the complexity. The smb.conf
settings seem to reflect a great deal of the internals of the
code.
Second, the gid_to_sid() code is failing for the when using
the nss idmap backend. The reason is that group mapping code
is just broken for Samba members servers in a Samba domain.
Of course, this was already the case, but where a gid should
be mapped to the Unix group domain, it is not showing up in ACLs
as S-1-0-0. the gid_to_sid() call should fall back to the legacy
gid_to_sid() if the winbind lookup fails regardless of whether or not
winbindd is running.
Neither of these are showstoppers however. Please merge to SAMBA_3_0.
I'd like to review the configuration settings before we release
the code in 3.0.24pre1.
cheers, jerry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (Darwin)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFFfN46IR7qMdg1EfYRAlqeAKCEHvXp9Ul0Z53lSJVC/spwyQm3OwCggdCF
l51nJTOzVRDVRf6rxCefRcQ=
=poIe
-----END PGP SIGNATURE-----
More information about the samba-technical
mailing list